Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/4b1b49-bb7a-4a6e-ba9c-f224de60b49b/1/3uE84MA2lJx6qBEXnHh07JzzVzg.roa
File:                     3uE84MA2lJx6qBEXnHh07JzzVzg.roa (raw, json)
Hash identifier:          wIi5dFTVH5j1sqsdagFkVsukhkPuSbDIuQj9+gkmBm0=
Subject key identifier:   DE:E1:3C:E0:C0:36:94:9C:7A:A8:11:17:9C:78:74:EC:9C:F3:57:38
Certificate issuer:       /CN=39cef2e2df5b4ada21e4736b00b7eb89e4d3eb39
Certificate serial:       018CC86F2319F727008E2EA4B4A5D658253E
Authority key identifier: 39:CE:F2:E2:DF:5B:4A:DA:21:E4:73:6B:00:B7:EB:89:E4:D3:EB:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Oc7y4t9bStoh5HNrALfrieTT6zk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/4b1b49-bb7a-4a6e-ba9c-f224de60b49b/1/3uE84MA2lJx6qBEXnHh07JzzVzg.roa
Signing time:             Tue 02 Jan 2024 04:29:35 +0000
ROA not before:           Tue 02 Jan 2024 04:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56693
IP address blocks:        91.226.182.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/4b1b49-bb7a-4a6e-ba9c-f224de60b49b/1/Oc7y4t9bStoh5HNrALfrieTT6zk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/4b1b49-bb7a-4a6e-ba9c-f224de60b49b/1/Oc7y4t9bStoh5HNrALfrieTT6zk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Oc7y4t9bStoh5HNrALfrieTT6zk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:02:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:23:19:f7:27:00:8e:2e:a4:b4:a5:d6:58:25:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39cef2e2df5b4ada21e4736b00b7eb89e4d3eb39
        Validity
            Not Before: Jan  2 04:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dee13ce0c036949c7aa811179c7874ec9cf35738
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:45:a6:d1:e3:fe:9b:be:3d:db:f9:44:2f:58:
                    68:bb:53:fb:e8:18:9d:83:f3:c9:95:bf:c6:a4:e1:
                    0f:ea:36:c9:f1:4e:e0:cf:86:48:ac:b1:66:e8:ce:
                    7b:ae:ea:6c:3e:db:f6:85:48:a5:d3:32:13:0d:af:
                    7b:95:7b:b7:55:c4:66:c2:a4:fc:88:c2:88:7c:36:
                    33:4e:63:0e:b1:92:3d:52:53:a8:0b:3f:83:7f:24:
                    c0:27:eb:57:7f:f0:8e:4e:04:01:b2:62:a2:b1:e8:
                    14:53:c1:6d:13:99:72:1c:69:5c:2b:90:8d:14:a5:
                    cc:1a:59:11:d5:95:01:82:88:bf:f4:35:29:8a:0d:
                    c8:25:95:59:5c:3e:84:8e:d5:2d:88:a2:d8:9f:86:
                    ed:48:86:83:34:04:3b:20:e4:41:9a:f2:2c:23:b3:
                    cc:02:5f:61:76:85:79:c9:de:1b:e4:ea:e0:e1:10:
                    ab:67:1a:2f:bd:cd:46:ce:ba:fa:20:fb:59:ad:be:
                    b8:40:70:1b:30:c4:59:ca:e9:2e:c2:1b:cc:b2:c1:
                    56:d5:8b:b1:35:54:6b:d9:50:6d:d3:72:f2:9f:7c:
                    cb:fc:6f:6f:a2:fc:ba:88:03:02:00:9b:7c:74:21:
                    7c:84:5f:c8:69:8e:54:09:4f:7f:2f:ca:8e:81:78:
                    5a:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:E1:3C:E0:C0:36:94:9C:7A:A8:11:17:9C:78:74:EC:9C:F3:57:38
            X509v3 Authority Key Identifier:
                keyid:39:CE:F2:E2:DF:5B:4A:DA:21:E4:73:6B:00:B7:EB:89:E4:D3:EB:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Oc7y4t9bStoh5HNrALfrieTT6zk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/4b1b49-bb7a-4a6e-ba9c-f224de60b49b/1/3uE84MA2lJx6qBEXnHh07JzzVzg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/4b1b49-bb7a-4a6e-ba9c-f224de60b49b/1/Oc7y4t9bStoh5HNrALfrieTT6zk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.226.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         21:bb:f6:5e:bd:9e:d4:fa:28:17:ad:fc:52:5f:a4:ad:82:57:
         c4:2a:63:9e:d7:90:a8:b5:f6:97:64:36:27:ce:f9:58:3c:3e:
         09:cf:d0:30:a5:c3:d8:6a:d8:48:2f:dc:08:2c:45:4a:00:38:
         a7:8b:4b:54:f1:39:48:71:2b:ed:35:3c:91:97:f7:06:4b:9b:
         0f:d7:a4:f1:2f:36:a4:6a:d6:04:bb:d9:12:cb:5d:c4:fd:9f:
         15:30:6a:85:ea:d2:b3:63:93:93:9b:fb:6e:be:e8:ae:27:3a:
         6d:03:95:74:6e:3a:4c:fc:47:ca:86:87:f1:27:89:0f:26:08:
         c3:c2:99:cd:9b:4d:59:30:a4:be:39:f1:6c:78:36:f5:6e:6f:
         a3:ec:42:11:79:0c:71:77:9b:25:de:1a:26:58:82:7a:29:10:
         04:0d:11:79:b6:ba:fa:2b:23:77:4f:5a:f9:48:ba:5e:9d:c5:
         cf:b3:ca:3c:88:d8:2e:39:40:1b:8f:88:05:f0:7d:ad:59:73:
         3f:ee:8a:91:ac:8a:c4:32:77:98:67:ab:86:16:c6:5d:b9:d9:
         3f:bd:a3:3a:6f:be:75:b7:96:ef:0a:c4:08:38:5c:1f:79:42:
         ba:23:93:b9:b3:36:6d:2b:10:1a:1b:c5:96:cf:ca:cc:1e:8d:
         5d:a6:0d:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbyMZ9ycAji6ktKXWWCU+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5Y2VmMmUyZGY1YjRhZGEyMWU0NzM2YjAwYjdlYjg5ZTRk
M2ViMzkwHhcNMjQwMTAyMDQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWUxM2NlMGMwMzY5NDljN2FhODExMTc5Yzc4NzRlYzljZjM1NzM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkWm0eP+m7492/lEL1hou1P76Bid
g/PJlb/GpOEP6jbJ8U7gz4ZIrLFm6M57rupsPtv2hUil0zITDa97lXu3VcRmwqT8
iMKIfDYzTmMOsZI9UlOoCz+DfyTAJ+tXf/COTgQBsmKisegUU8FtE5lyHGlcK5CN
FKXMGlkR1ZUBgoi/9DUpig3IJZVZXD6EjtUtiKLYn4btSIaDNAQ7IORBmvIsI7PM
Al9hdoV5yd4b5Org4RCrZxovvc1Gzrr6IPtZrb64QHAbMMRZyukuwhvMssFW1Yux
NVRr2VBt03Lyn3zL/G9vovy6iAMCAJt8dCF8hF/IaY5UCU9/L8qOgXha6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN7hPODANpSceqgRF5x4dOyc81c4MB8GA1UdIwQY
MBaAFDnO8uLfW0raIeRzawC364nk0+s5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2M3eTR0OWJTdG9oNUhOckFMZnJpZVRUNnprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS80YjFiNDktYmI3YS00YTZlLWJhOWMt
ZjIyNGRlNjBiNDliLzEvM3VFODRNQTJsSng2cUJFWG5IaDA3Snp6VnpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS80YjFiNDktYmI3YS00YTZlLWJhOWMtZjIyNGRlNjBiNDli
LzEvT2M3eTR0OWJTdG9oNUhOckFMZnJpZVRUNnprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+K2MA0G
CSqGSIb3DQEBCwUAA4IBAQAhu/ZevZ7U+igXrfxSX6StglfEKmOe15CotfaXZDYn
zvlYPD4Jz9AwpcPYathIL9wILEVKADini0tU8TlIcSvtNTyRl/cGS5sP16TxLzak
atYEu9kSy13E/Z8VMGqF6tKzY5OTm/tuvuiuJzptA5V0bjpM/EfKhofxJ4kPJgjD
wpnNm01ZMKS+OfFseDb1bm+j7EIReQxxd5sl3homWIJ6KRAEDRF5trr6KyN3T1r5
SLpencXPs8o8iNguOUAbj4gF8H2tWXM/7oqRrIrEMneYZ6uGFsZdudk/vaM6b751
t5bvCsQIOFwfeUK6I5O5szZtKxAaG8WWz8rMHo1dpg1N
-----END CERTIFICATE-----